Note: The below does contain information as indirect quotes or paraphrasing of legally privileged communications with my solicitor. I have not authorised the disclosure of legally privileged material and the below disclosures, therefore, do not constitute a right for law enforcement to snoop further privileged communications.
Over the last few months, as per my other posts, I have tried to explain my reasoning for posting leaked data. Some have claimed I haven’t thought it through, others have said I am simply reckless. I want to assure everyone that I am neither reckless nor naive in the consequences for my actions.
Having spoken to my legal team, who have already demonstrated to me their exceptional legal knowledge in defending me from legal charges, they have assured me that my position from a legal perspective is just. I have explained openly what I am doing and have made no attempts to mislead people in my actions and have also posted plenty of warnings on where my responsibility ends for anything downloaded from my mirrors.
Some possible legislation any charges could be brought up are the following:
The Data Protection Act 1998: As I am not covered under the definition of a data controller or handler, I am exempt from regulation under the act.
Computer Misuse Act 1990: This Act of Parliament introduced three offences within the scope of the act that are as follows:
1. unauthorised access to computer material, punishable by 12 months’ imprisonment and/or a fine “not exceeding level 5 on the standard scale” (since 2015, unlimited);
2. unauthorised access with intent to commit or facilitate commission of further offences, punishable by 12 months/maximum fine on summary conviction and/or 5 years/fine on indictment;
3. unauthorised modification of computer material, punishable by 12 months/maximum fine on summary conviction and/or 10 years/fine on indictment;
My initial impression was that under offences 1 and 2, I may be liable as I did not have authorisation to access or provide access to the material. However, the offences above apply only to those who took the initial data and that is where the breach of proper authority to access it took place. Subsequently, when I download data from the open internet (even if said material has been stolen when unauthorised), I am not accessing that material unlawfully. If I was to download the material from the source (i.e., directly from the Patreon or Ashley Madison servers) then that would constitute an offence.
Theft Act 1968: Section 22(1) provides the scope for an offence usually associated to shoplifting or buying stolen goods, usually referred to as “Handling stolen goods”. The actual offence is as follows:
“A person handles stolen goods if (otherwise than in the course of the stealing) knowing or believing them to be stolen goods he dishonestly receives the goods, or dishonestly undertakes or assists in their retention, removal, disposal or realisation by or for the benefit of another person, or if he arranges to do so.”
There is an element of me making the data available to the public being construed as the retention of stolen goods for the benefit of another person, however as I have not paid for the data or otherwise encouraged the original offence of stealing the data, and that I accessed such data through legitimate means (downloading from a public source), I have been assured that it is highly unlikely a prosecution can be brought forward under these charges.
I believe most angles to prosecute are covered in the above and most have good case law to back me up in the event criminal investigations are ever launched into my conduct. That said, I have been warned by my legal team of the potential repercussions in other jurisdictions. For example, he has acknowledged that while US law is not his area, he believes my actions would constitute an offence under the Computer Fraud and Abuse Act (CFAA) which is a US law. Fortunately, I am not a US citizen, nor do I ever plan to visit the US or use US infrastructure (I make a point of boycotting US products where possible). Therefore, their laws do not apply to me and they never shall, so as far as I am concerned their level of authority over me matches the authority of Ghana’s legal system or North Korea even.
All in all, I still stand by my comments on why I am willing to host the data even when it is highly controversial. In extreme circumstances, I would be willing to omit some sections of the data or even remove the data. If that ever does need to happen I will clearly explain why and what sections of data were removed. Until that day though, my work shall continue.